freeipa.ansible_freeipa.ipaautomember (1.11.1) — module

Add and delete FreeIPA Auto Membership Rules.

Authors: Mark Hahl (@mhahl), Jake Reynolds (@jake2184), Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  collections:
    - name: freeipa.ansible_freeipa
      version: 1.11.1

Description

Add, modify and delete an IPA Auto Membership Rules.

Usage examples

1
  • Hint
    Tasks should always be named using the name parameter.
# Ensure an automember rule exists
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    name: admins
    description: "example description"
    automember_type: group
    state: present
    inclusive:
    - key: "mail"
      expression: "example.com"
1
  • Hint
    Tasks should always be named using the name parameter.
# Delete an automember rule
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    name: admins
    description: "my automember rule"
    automember_type: group
    state: absent
1
  • Hint
    Tasks should always be named using the name parameter.
# Add an inclusive condition to an existing rule
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    name: "My domain hosts"
    automember_type: hostgroup
    action: member
    inclusive:
      - key: fqdn
        expression: ".*.mydomain.com"
1
  • Hint
    Tasks should always be named using the name parameter.
# Ensure group membership for all users has been rebuilt
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    automember_type: group
    state: rebuilt
1
  • Hint
    Tasks should always be named using the name parameter.
# Ensure group membership for given users has been rebuilt
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    users:
    - user1
    - user2
    state: rebuilt
1
  • Hint
    Tasks should always be named using the name parameter.
# Ensure hostgroup membership for all hosts has been rebuilt
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    automember_type: hostgroup
    state: rebuilt
1
  • Hint
    Tasks should always be named using the name parameter.
# Ensure hostgroup membership for given hosts has been rebuilt
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    hosts:
    - host1.mydomain.com
    - host2.mydomain.com
    state: rebuilt
1
  • Hint
    Tasks should always be named using the name parameter.
# Ensure default group fallback_group for all unmatched group entries is set
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    automember_type: group
    default_group: fallback_group
1
  • Hint
    Tasks should always be named using the name parameter.
# Ensure default group for all unmatched group entries is not set
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    default_group: ""
    automember_type: group
    state: absent
1
  • Hint
    Tasks should always be named using the name parameter.
# Ensure default hostgroup fallback_hostgroup for all unmatched group entries
# is set
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    automember_type: hostgroup
    default_group: fallback_hostgroup
1
  • Hint
    Tasks should always be named using the name parameter.
# Ensure default hostgroup for all unmatched group entries is not set
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    automember_type: hostgroup
    default_group: ""
    state: absent
1
  • Hint
    Tasks should always be named using the name parameter.
# Example playbook to ensure all orphan automember group rules are removed:
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    automember_type: group
    state: orphans_removed
1
  • Hint
    Tasks should always be named using the name parameter.
# Example playbook to ensure all orphan automember hostgroup rules are removed:
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    automember_type: hostgroup
    state: orphans_removed

Inputs

    
name:
    aliases:
    - cn
    description: The automember rule
    elements: str
    required: false
    type: list

hosts:
    description: Hosts to rebuild membership for.
    elements: str
    required: false
    type: list

state:
    choices:
    - present
    - absent
    - rebuilt
    - orphans_removed
    default: present
    description: State to ensure
    type: str

users:
    description: Users to rebuild membership for.
    elements: str
    required: false
    type: list

action:
    choices:
    - member
    - automember
    default: automember
    description: Work on automember or member level
    type: str

no_wait:
    description: Don't wait for rebuilding membership.
    type: bool

exclusive:
    aliases:
    - automemberexclusiveregex
    description: List of dictionaries containing the attribute and expression.
    elements: dict
    suboptions:
      expression:
        description: The expression of the regex
        required: true
        type: str
      key:
        description: The attribute of the regex
        required: true
        type: str
    type: list

inclusive:
    aliases:
    - automemberinclusiveregex
    description: List of dictionaries containing the attribute and expression.
    elements: dict
    suboptions:
      expression:
        description: The expression of the regex
        required: true
        type: str
      key:
        description: The attribute of the regex
        required: true
        type: str
    type: list

description:
    description: A description of this auto member rule
    required: false
    type: str

default_group:
    description: Default (fallback) group for all unmatched entries.
    type: str

ipaapi_context:
    choices:
    - server
    - client
    description: 'The context in which the module will execute. Executing in a

      server context is preferred. If not provided context will be

      determined by the execution environment.

      '
    required: false
    type: str

automember_type:
    choices:
    - group
    - hostgroup
    description: Grouping to which the rule applies
    required: false
    type: str

ipaadmin_password:
    description: The admin password.
    required: false
    type: str

ipaapi_ldap_cache:
    default: true
    description: Use LDAP cache for IPA connection.
    type: bool

ipaadmin_principal:
    default: admin
    description: The admin principal.
    type: str